Security and Defence

EU Security and Defence Policy

The various governing and legislative bodies of the Union serve as key agents in promoting a centralised EU security and defence strategy on a global scale. Effective multilateralism requires a clear legal framework for reinforcing the Union's capacities, instruments and partnerships to prevent and manage crises and conflicts, and to build lasting peace.

The Treaty of Lisbon provides an important contextual anchor for the Union's discussion of security policy on various institutional levels. The Treaty offers transparency and legal clarity on the Common Security and Defence Policy (CSDP) in addition to confirming the political and budgetary roles of EU Member States and institutions in the implementation of security policy.

European Parliament

The European Parliament has been vocal in emphasising the need for a legally and strategically united Europe in response to global issues (e.g. environmental deterioration, resource scarcity, terrorism, managing financial crises, digital protection).

This call for a comprehensive EU approach to a large spectrum of security measures has appeared in the Parliament's recent resolutions, such as the Resolution of 11 May 2011 on the development of the CSDP following the entry into force of the Treaty of Lisbon. This Regulation builds on the Parliament Resolution of 10 March 2010 on the implementation of the European Security Strategy and CSDP, based on the report by Arnaud Danjean MEP. This Resolution called on the other EU institutions to enter into substantial debate on implementation of the following provisions:

• The clause on mutual assistance;
• The solidarity clause;
• The role of the Vice-President of the Commission/High Representative of the Union for Foreign Affairs and Security Policy, coupled with the establishment of a European External Action Service (EEAS) incorporating, in an comprehensive manner, conflict prevention, civil/military crisis management and peace-building units;
• A broader remit for the CSDP;
• Permanent structured cooperation;
• The establishment of a start-up fund for preparatory activities in the lead-up to operations.

European Commission

The European Commission has many instruments at its disposal to strengthen the security of European citizens. The Stockholm Programme covers most home affairs actions, along with justice, fundamental rights and citizenship area actions and priorities for the EU between 2010 and 2014. In its Action Plan, published on 20 April 2010, the Commission unveiled concrete measures to support the political aims of the Stockholm Programme. Most of them cover security challenges in Europe and beyond, including the fight against terrorism, fight against crime, cyber security as well as immigration issues. All these challenges can be tackled though extensive research and development policies.

EU-NATO Strategic Partnership

The international dimension of the EU Security and Defence Policy is another priority on the current EU ministerial agenda. The EU is consolidating the strategic partnership and constructive cooperation between EU and NATO in order to further develop a bilateral relationship in the field of peace-building and crisis management.

In May 2010, a NATO group of experts, led by its chair Madeleine K. Albright, published its report, NATO 2020 New Strategic Concept. Some of the identified priorities include reaffirming NATO’s core commitment; collective defence (military capabilities should be backed by intelligence); protecting against unconventional threats (prevention rather than reaction); establishing guidelines for operations outside Alliance borders (inner institutional/ country exchange); consultations to prevent or manage crises (need for more R&D). Overall, the report recognised a need for international cooperation and intelligence development which includes security R&D activities.

Framework Developments on Security

Although military protection and defence diplomacy are important assets to a Union-wide security policy, in order to be effective, future EU security policy proposals must be comprehensive in the forms of security addressed.

Despite disagreement on some specific issues, the general comprehensive approach to EU security policy is recognised as universal in application. There is consensus on the need for more actions especially in the field of cyber-security, space exploration, maritime surveillance as well as nuclear proliferation. Additionally, bridging civilian and military capabilities is one of the most frequently debated issues on the senior decision making level.

Seventh Framework Programme (FP7)

The presence of a Security Theme under FP7 is emphasised on two distinct levels: through security missions (security of citizens, infrastructures, surveillance and utilities) and cross-cutting missions (e.g. security systems of integration and interoperability, security and society, security research coordination and structuring).

Following the completion of the FP7 in 2013, the EU security agenda will be changing and, therefore, requires innovative solutions. The main security challenges that will continue to face Europe include acts of terrorism, the proliferation of nuclear and other advanced weapons technologies, cyber attacks directed against modern communications systems and the sabotage of energy pipelines still need effective solutions. These challenges reveal a great number of opportunities for security and defence intelligence analysis and R&D.

Horizon 2020

A major concern inspiring the EU's debate on security is on research and planning initiatives. In the November 2011 Working Paper Executive Summary of the Impact Assessment, the Commission expressed a concern for a “structural innovation gap.” The lack of innovation makes Europe ill-equipped to develop and provide new supporting and security services to its citizens. In the context of security policy in the Union, Horizon 2020 can be understood as a financial instrument to spur innovation and to promote inclusive, innovative and secure societies.

The European Parliament’s November 30 2011 Proposal for a Regulation of the European Parliament and of the Council claims Horizon 2020 will support internal safety and security through the funding of critical crisis management infrastructures and operational performance in light of emerging threats of violence, terrorism and other global challenges facing the Union. In addition to these traditional threats to security, the Horizon 2020 framework will identify security systems related to digital identity and privacy abuses (cyber-attacks or information mining) and other security issues affecting citizens.

The Parliament envisions one of the major outcomes of Horizon 2020 to be the development of close synergies uniting all Union programmes (education, health, space, internal security, environment, etc.). The Commission has also expressed a commitment to the Horizon 2020 framework by issuing a proposal in the Multiannual Financial Framework (2014-2020) of 18.5 billion euros for “security and citizenship.”

EU Cyber Security Strategy

In an increasingly digital world, cyber crimes pose a major obstacle to the promotion of a secure and free enviroment. Current networking infrastructures, such as electricity networks, the internet, aviation and telecommunications, are areas of deep and increasing European interdependence. This dependence is open to exploitation by terrorists and organised crime.

The Digital Agenda for Europe (DAE) was adopted in May 2010 and is a key Europe 2020 initiative for "smart growth." Its' first pillar aims to achieve a centralised EU "Digital Single Market" for the exchange of data and information that is simultaneously secure and open. To accomplish the pillars laid out in this agenda, the European Commission and Member States will carry out a wide range of specific actions towards the development and deployment of security features in ICT products and services. Specific aims include boosting the music download business, establishing a singular area of online payments as well as a singular protection unit for EU consumers in cyberspace.

January 2013 Joint Communication

The enhancement of resilient security infrastructures requires comprehensive EU-level legislation that protects information and network exchanges between Member States, institutions and citizens. In the January 2013 Joint Communication concerning a "Cyber Security Strategy of the European Union," the Commission stresses the importance of promoting trust in information systems.

The aim of the Strategy is to establish a secure and trustworthy digital environment while promoting and protecting fundamental rights, including data protection, democracy and the rule of law. Within this Strategy, the EU has identified sectors requiring enhanced security, including energy, transport, banking and healthcare services.

According to a 7 February 2013 press release, this Strategy will address these areas of vulnerability in terms of the following priorities:

Guaranteeing a radical reduction of cybercrime;

Incorporating "cyber defence policy and capabilities" within the Common Security and Defence Policy (CSDP) to promote core EU security values;

Developing the industrial and technological resources for cyber-security.

In this Joint Communication, the Commission confirmed that if would refer to Horizon 2020's singular funding framework to address the protection of human rights in the digital society, while prioritising Europe's digital economy and industrial technologies, such as ICT, under the Digital Single Market.

The Commission will use the Horizon 2020 framework to provide better coordination of funds to address a range of areas in ICT privacy and security, from R&D to innovation and deployment in addition to supporting the development of instruments to fight criminal and terrorist activities targeting the cyber environment.

European Network and Information Security Agency (ENISA)

The current Network and Information Security (NIS) mechanisms prove to be insufficient in ensuring the resilience of EU-level security infrastructures.Over the last ten years, the Commission has continued to develop instruments and legislative proposal to address society’s dependence on technology and infrastructures as potential sources of direct damage to humans and their environment.

One such development is the monitoring and evaluation of Europe's cyber security situation. The European Network and Information Security Agency (ENISA) was enacted under the 2004 Parliament Regulation "establishing the European Network and Information Security Agency." With a mandate that extends to September 2013, ENISA serves to strengthen cyber-crisis cooperation, preparedness and response across Europe by analysing and presenting the level of cyber threats.

On 4 October 2012, ENISA facilitated "Cyber Europe 2012," the second Pan-European Cyber Exercise, in which more than 500 cyber-security professionals across Europe were in charge of evaluating the resilience of the Union's critical information infrastructures. Twenty-nine EU and European Free Trade Association (EFTA) Member States were involved in the exercise.

Three key objectives codified Cyber Europe 2012:

To test the effectiveness of EU cooperation mechanisms, procedures and information flow throughout the Union;

To explore the cooperation between public and private stakeholders;

To identify gaps and challenges of current large-scale cyber-incidents and propose areas of improvement.

Proposal for a Directive on Network and Information Security (NIS Directive)

EU Legislation and policy will serve to reinforce specific measures of the overarching aim of the EU Cyber Security Strategy, which is to institute a comprehensive and uniform European standard for cyber security.

Establishing measures to ensure a high common level of NIS within the Union;

Requiring all Member States to set up Comprehensive Emergency Response Teams (CERTs);

In addition to adopting national NIS strategies and cooperation plans, the relevant national authorities must cooperate at the EU level, within network enabling security and effective coordination of information exchange, detection;

Establishing singular security requirements for market operators and public administrators;

Creating cooperation mechanisms on a public and private level for prevention, early warning and response to networking risks.

This Directive is controversial because it will oblige companies to be audited with regards to their preparedness with regards to cyber threats and instances with a "significant impact." These companies will be required to notify the national authorities in place in instances of weak security. Moreover, market operators will be liable for the maintenance and level security of their networks, even in instances where this maintenance is outsourced.

The Commission has sent this Proposal to the European Parliament and awaits the debate amongst the parliamentary committees to commence in April 2013.

EU Security and Nuclear Energy

A 2011 Proposal for a Council Regulation on the Research and Training Programme of the European Atomic Energy Community outlines the budget for all direct and indirect actions and objectives and instruments for supporting R&D activities concerning nuclear fission, radiation protection research, JRC direct actions in nuclear security and safety.

This research and training programme, otherwise known as the Euratom Programme , will contribute to the implementation of Horizon 2020's three objectives: excellence in science, industrial leadership and challenging societal challenges in the realm of nuclear research activities. With a mandate to Union funding from 2014 to 2018, the Euratom Programme will fund projects in safety in research activities and training in nuclear energy (fusion and fission), radiation protection as well as non-proliferation. This programme stresses the importance of this nuclear research to the long-term decarbanisation of the energy system in an efficient and secure way.

EU Space and Security

A 30 November 2011 publication by Gerrard Quille, the Directorate-General for External Policies, entitled "Space and Security: The use of space in the context of CSDP" concludes that space applications are best suited for dealing with an increasingly expanding concept of "security" on a global scale. Space applications, therefore, should be developed in line with the evolution of the Common Security and Defence Policy (CSDP) not only for traditional missions such as military, but to civilian missions.

This publication suggests the compatibility of different space-based applications and programmes amongst the EU Member States in context of CSDP:

the importance of EU Flagship Programmes (GMEs services and Galileo);

satellite telecommunication;

unmanned aerial systems;

space-based electromagnetic intelligence;

EDA/ESA/EC cooperation in space capabilities development;

Space Situational Awareness.

Global Security Challenges

During the EU Science: Global Challenges, Global Collaboration (ES:GC2) conference, policymakers, scientists and industry representatives came together to explore challenges in specific domains of security R&D and explore possible solutions for these challenges. At the conference, there were a number of sessions related to security R&D, including: disaster reduction and preparedness, advanced forensics, and cyber security. These themes are prominent in Horizon 2020, the EU's next Framework Programme for Research and Innovation.

In the seminar titled " Disaster Reduction and Preparedness - How Technology Can Help Communities During Disasters and Crises," a group of six internationally recognised experts came together to discuss emerging technologies, such as the use of sensors and the analysis of big data, and their use in assisting the handling of disaster situations as well as in improving predictive capabilities. Also, the experts agreed that many different voices should be heard in discussions about disaster reduction and preparedness including representatives from NGOs, governments, and the private sector. In addition to technological advancements, in order for disaster preparedness to be successful, society as a whole must be aware of how to handle these unusual situations. To do this, there needs to be increased education, role-awareness, and social cohesion efforts. Therefore, if there is a disaster, both the technology and society will both be able to respond appropriately.

Crime science focuses on the study of crime and the factors that cause it, not criminals or criminal behaviour. The evolving discipline of crime science will help us design crime prevention into our environments in order to significantly reduce drivers of crime. In the session titled "Crime Reduction and Advanced Forensics," the group of experts discussed ways forward in crime science, including how data driven technology can lead to applications such as face recognition and object loitering, how to create resilient societies to handle advanced forensics in cyber space and how language and speech technology can advance the field.

The seminar "Cyber Security - Beyond Defensive Technologies to Resilience" examined the cyber landscape where there is an increasing number of network connections causing cyber threats to multiply. This session focused on the realization that cyber attacks will occur, and that the best way forward is to create resilient systems.

The panel came up with the following recommendations:

Elevate cyber security to a strategic role as it impacts the enterprise’s most valued assets (e.g. consider cyber security as a risk verses investment decision, not simply a technology purchase);

Achieve a greater level of protection by sharing data with trusted partners –in industry, in government, and across borders;

Allow real-time data be the driver for building and adapting security strategies;

Design operational workflows and procedures to support these decisions (e.g. design flexible, resilient networks that quickly adapt to new threats);

Create a culture of widespread responsibility for cyber security;

Balance privacy and protection when drafting security policies (e.g. keep as a primary focus the privacy rights as well as expectations of protection of those being served by the enterprise).